WARNING! Spyware detected on your computer! [RESOLVED]


This topic is locked.

#1 Jimi Z
New Member, 7 posts
Hi Forum Experts,
My desktop wallpaper has suddenly changed to a blue background with a red and white box stating 'Warning! Spyware detected on your computer. Install an antivirus or spyware remover to clean your computer'. Also, if I try to right-click and access Display Properties, some of the tabs on the menu are missing.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:26 AM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\hpoipm07.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sootoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BIO] C:\WINDOWS\BIO.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [shawnotify] c:\progra~1\shaw\update\siuloader.exe /notify
O4 - HKLM\..\Run: [lphc9j4j0e11p] C:\WINDOWS\system32\lphc9j4j0e11p.exe
O4 - HKLM\..\Run: [SMrhccj4j0e11p] C:\Program Files\rhccj4j0e11p\rhccj4j0e11p.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3C5B2DBA-9C59-4A9D-8CB2-D67F93863962} (CSGI Control) - http://www.crystalsq.../games/CSGI.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...abs/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1200270043875
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX25.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....302/Coupons.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.blackphot...x/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnime...tupv2.0.0.9.cab?
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnime...upv2.0.0.10.cab?
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://ca.f412.mail....e...ew=a&head=b
O24 - Desktop Component 2: Intelligent Desktop - intelligentdesktop.com - http://active.intell...ctive/?18069318

--
End of file - 12955 bytes


#2 fenzodahl512
Malware Removal, 9,863 posts
Hello and welcome to GTG.


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See the extra note below.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

#3 Jimi Z (Topic Starter)
New Member, 7 posts
Hi fenzodahl512

The "WARNING!" desktop is gone and the display properties tabs are back to normal.
I haven't changed anything yet, I just checked for the tabs.
Also MBAM had no problems removing any files.

Here is the MBAM log.

Malwarebytes' Anti-Malware 1.25
Database version: 1087
Windows 5.1.2600 Service Pack 2

5:32:04 PM 8/25/2008
mbam-log-08-25-2008 (17-32-04).txt

Scan type: Full Scan (C:\|)
Objects scanned: 159553
Time elapsed: 1 hour(s), 19 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 8
Registry Data Items Infected: 2
Folders Infected: 15
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhccj4j0e11p (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc9j4j0e11p (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhccj4j0e11p (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\JIM\Application Data\rhccj4j0e11p (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\JIM\Application Data\rhccj4j0e11p\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\JIM\Application Data\rhccj4j0e11p\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\JIM\Application Data\rhccj4j0e11p\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\JIM\Application Data\rhccj4j0e11p\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\JIM\Application Data\rhccj4j0e11p\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\JIM\Application Data\rhccj4j0e11p\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\JIM\Application Data\rhccj4j0e11p\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\JIM\Application Data\rhccj4j0e11p\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\JIM\Application Data\rhccj4j0e11p\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\JIM\Application Data\rhccj4j0e11p\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\blphc9j4j0e11p.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\JIM\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\winzip90.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\JIM\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\JIM\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\JIM\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\phc9j4j0e11p.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
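The two HijackThis O4 entries that MBAM later classified as Trojan.FakeAlert (lphc9j4j0e11p and SMrhccj4j0e11p) stand out in the first log only by their names: per-install generated strings that interleave letters and digits, launched from system32 and from a Program Files folder named after the binary. The script below is an added example, not part of the thread or of any of the tools used in it. It parses O4 lines in HijackThis v2 format and flags entries by two heuristics that are my own assumptions, not anything the helpers here applied: a name with many letter/digit transitions, and a machine-wide autorun (HKLM Run or Global Startup) that launches a binary from a user profile. The sample lines are constructed: six are modelled on the thread's log, and the last one (file name av2008.exe) is hypothetical and exists only to exercise the second heuristic.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: O4 lines in HijackThis v2 format. The first six are
# modelled on entries in the thread's log; the last is hypothetical (av2008.exe
# is a made-up file name) and only exercises the user-profile heuristic.
SAMPLE_O4 = "\n".join([
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r'O4 - HKLM\..\Run: [BIO] C:\WINDOWS\BIO.exe',
    r'O4 - HKLM\..\Run: [lphc9j4j0e11p] C:\WINDOWS\system32\lphc9j4j0e11p.exe',
    r'O4 - HKLM\..\Run: [SMrhccj4j0e11p] C:\Program Files\rhccj4j0e11p\rhccj4j0e11p.exe',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE',
    r'O4 - HKLM\..\Run: [Antivirus XP 2008] C:\Documents and Settings\JIM\Application Data\rhccj4j0e11p\av2008.exe',
])

# O4 entries come in two shapes: registry Run keys and Startup-folder shortcuts.
HIVE_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
STARTUP_RE = re.compile(
    r'^O4 - (?P<hive>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$')
# First drive-letter path ending in an executable extension inside the command line.
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|scr|dll|com|bat|cmd|vbs)\b', re.IGNORECASE)

# Machine-wide autoruns launching from these locations are unusual for legitimate software.
USER_PROFILE_MARKERS = ('\\documents and settings\\', '\\application data\\', '\\local settings\\')


def executable_of(cmd: str) -> str:
    """Best-effort path of the binary a Run command line launches."""
    m = EXE_RE.search(cmd)
    if m:
        return m.group(0)
    tokens = cmd.strip().strip('"').split()
    return tokens[0] if tokens else ''


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Split one O4 line into hive, value name, command line and executable."""
    m = HIVE_RE.match(line) or STARTUP_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry['exe'] = executable_of(entry['cmd'])
    return entry


def stem(path: str) -> str:
    """File or value name without directory and extension."""
    base = path.rsplit('\\', 1)[-1]
    return base.rsplit('.', 1)[0] if '.' in base else base


def letter_digit_transitions(s: str) -> int:
    classes = ['d' if c.isdigit() else 'a' for c in s if c.isalnum()]
    return sum(1 for a, b in zip(classes, classes[1:]) if a != b)


def looks_random(name: str) -> bool:
    # Assumption (heuristic): generated names such as lphc9j4j0e11p cross the
    # letter/digit boundary many times; product names like jusched, ctfmon or
    # e100b325 cross it a few times at most.
    return len(name) >= 8 and letter_digit_transitions(name) >= 4


def reasons_for(entry: Dict[str, str]) -> List[str]:
    reasons = []
    if looks_random(stem(entry['name'])) or looks_random(stem(entry['exe'])):
        reasons.append('random-looking value or file name')
    exe = entry['exe'].lower()
    if entry['hive'] in ('HKLM', 'Global Startup') and any(m in exe for m in USER_PROFILE_MARKERS):
        reasons.append('machine-wide autorun launches a binary from a user profile')
    return reasons


def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (value name, executable, reasons) for every O4 line that trips a heuristic."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line.strip())
        if entry is None:
            continue
        why = reasons_for(entry)
        if why:
            flagged.append((entry['name'], entry['exe'], why))
    return flagged


if __name__ == '__main__':
    for name, exe, why in triage(SAMPLE_O4):
        print(f'[{name}] {exe}\n    ' + '; '.join(why))
```

Feed it the whole O4 section of a log and treat the output as a shortlist, not a verdict: a hit still needs confirmation, for instance the company name OTViewIt prints next to each binary, before anything is removed.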

#4 fenzodahl512
Malware Removal, 9,863 posts
Please download OTViewIt to your desktop.
  • Close all windows and double click OTViewIt
  • Place a tick in the Scan all Users box
  • In the File Age drop down box select 90 days
  • Click Run Scan and let the program run uninterrupted
  • On completion it will produce two logs on the Desktop; post the OTViewIt.txt and Extras.txt logs in your next reply.


#5 Jimi Z (Topic Starter)
New Member, 7 posts
Here is the OTViewIt.txt log

OTViewIt logfile created on: 8/25/2008 9:43:47 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\JIM\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 119.48 Mb Available Physical Memory | 46.85% Memory free
735.38 Mb Paging File | 262.69 Mb Available in Paging File | 35.72% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 31.81 Gb Free Space | 56.95% Space Free | Partition Type: NTFS
Drive D: | 62.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 583.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 94580ZR
Current User Name: JIM
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

===== Processes - Non-Microsoft Only =====

[01/31/2008 02:15 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
[08/23/2007 08:35 AM | 00,243,064 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[05/07/2008 10:26 PM | 00,137,200 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[05/24/2004 01:35 PM | 00,322,104 | ---- | M] (Eastman Kodak Company) - C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe
[10/06/2003 03:16 PM | 00,081,920 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\SYSTEM32\nvsvc32.exe
[08/14/2002 08:22 PM | 00,028,672 | R--- | M] (Dell - Advanced Desktop Engineering) - C:\WINDOWS\SYSTEM32\DSentry.exe
[08/17/2001 12:41 AM | 00,028,738 | ---- | M] (Microsoft® Corporation) - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[07/03/2001 10:11 AM | 00,057,344 | ---- | M] (Hewlett-Packard) - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[11/29/2004 08:53 PM | 00,098,304 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\QuickTime\qttask.exe
[07/23/2003 01:42 PM | 00,069,632 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\HP DVD\Umbrella\DVDTray.exe
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[04/29/2008 11:41 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.) - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[12/28/2005 07:21 AM | 00,270,336 | ---- | M] () - C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
[05/07/2008 10:26 PM | 00,124,400 | ---- | M] (Google) - C:\Program Files\Google\Google Updater\GoogleUpdater.exe
[04/24/2002 02:28 AM | 00,487,484 | ---- | M] (Hewlett-Packard Co.) - C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
[08/11/2004 03:22 AM | 00,757,760 | ---- | M] (Eastman Kodak Company) - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
[02/11/2004 10:00 AM | 00,118,784 | ---- | M] (WinZip Computing, Inc.) - C:\Program Files\WinZip\WZQKPICK.EXE
[01/31/2008 02:15 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
[07/03/2001 10:17 AM | 00,065,536 | ---- | M] () - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
[04/24/2002 02:50 AM | 00,299,008 | ---- | M] (Hewlett-Packard Co.) - C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpoevm07.exe
[04/24/2002 03:04 AM | 00,290,816 | ---- | M] (Hewlett-Packard Co.) - C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe
[09/17/2002 02:25 AM | 04,669,511 | ---- | M] (Adobe Systems Incorporated) - C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
[04/24/2002 02:24 AM | 00,069,632 | ---- | M] (HP) - C:\WINDOWS\SYSTEM32\hpoipm07.exe
[08/25/2008 09:42 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\JIM\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Auto | Running]
[08/23/2007 08:35 AM | 00,243,064 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

(ccEvtMgr) Symantec Event Manager [Auto | Running]
[01/31/2008 02:15 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE

(ccSetMgr) Symantec Settings Manager [Auto | Running]
[01/31/2008 02:15 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE

(CLTNetCnService) Symantec Lic NetConnect service [Auto | Running]
[01/31/2008 02:15 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 03:56 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\SYSTEM32\dmadmin.exe

(gusvc) Google Updater Service [Auto | Running]
[05/07/2008 10:26 PM | 00,137,200 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(KodakCCS) Kodak Camera Connection Software [Auto | Running]
[05/24/2004 01:35 PM | 00,322,104 | ---- | M] (Eastman Kodak Company) - C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe

(LiveUpdate) LiveUpdate [On_Demand | Stopped]
[08/23/2007 08:35 AM | 03,192,184 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

(LiveUpdate Notice) LiveUpdate Notice [Auto | Running]
[01/31/2008 02:15 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE

(NMSSvc) Intel® NMS [On_Demand | Stopped]
[05/03/2002 01:29 PM | 01,118,208 | ---- | M] (Intel Corporation) - C:\WINDOWS\SYSTEM32\NMSSvc.Exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[10/06/2003 03:16 PM | 00,081,920 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\SYSTEM32\nvsvc32.exe

(Symantec Core LC) Symantec Core LC [On_Demand | Stopped]
[02/12/2008 11:38 AM | 01,251,720 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

===== Driver Services - Non-Microsoft Only =====

(aeaudio) aeaudio [On_Demand | Running]
[04/01/2002 03:15 PM | 00,004,816 | ---- | M] (Andrea Electronics Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys

(AliIde) AliIde [Disabled | Stopped]
[08/17/2001 03:51 PM | 00,005,248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS

(amdagp) AMD AGP Bus Filter Driver [Disabled | Stopped]
[08/04/2004 02:07 AM | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys

(asc) asc [Disabled | Stopped]
[08/17/2001 03:52 PM | 00,026,496 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS

(asc3550) asc3550 [Disabled | Stopped]
[08/17/2001 03:51 PM | 00,014,848 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS

(CmdIde) CmdIde [Disabled | Stopped]
[08/17/2001 03:51 PM | 00,006,656 | ---- | M] (CMD Technology, Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS

(COH_Mon) COH_Mon [On_Demand | Stopped]
[07/30/2008 05:42 PM | 00,023,888 | ---- | M] (Symantec Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.sys

(dac2w2k) dac2w2k [Disabled | Stopped]
[08/17/2001 03:52 PM | 00,179,584 | ---- | M] (Mylex Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS

(DcCam) Kodak Camera Proxy [System | Running]
[05/20/2004 09:21 AM | 00,036,918 | ---- | M] (Eastman Kodak Company) - C:\WINDOWS\SYSTEM32\DRIVERS\DcCam.sys

(DcFpoint) DcFpoint [On_Demand | Stopped]
[05/20/2004 09:41 AM | 00,061,564 | ---- | M] (Eastman Kodak Company) - C:\WINDOWS\SYSTEM32\DRIVERS\DcFpoint.sys

(DCFS2K) Kodak DCFS2K Driver [Auto | Running]
[06/02/2004 02:19 PM | 00,038,705 | ---- | M] (Eastman Kodak Company) - C:\WINDOWS\SYSTEM32\DRIVERS\DCFS2k.sys

(DcLps) Legacy Polling Service [On_Demand | Stopped]
[05/20/2004 09:39 AM | 00,008,022 | ---- | M] (Eastman Kodak Company) - C:\WINDOWS\SYSTEM32\DRIVERS\DcLps.sys

(DcPTP) DcPTP [On_Demand | Stopped]
[05/20/2004 09:45 AM | 00,068,950 | ---- | M] (Eastman Kodak Company) - C:\WINDOWS\SYSTEM32\DRIVERS\DcPtp.sys

(dmboot) dmboot [Disabled | Stopped]
[08/04/2004 02:07 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\SYSTEM32\DRIVERS\dmboot.sys

(dmio) dmio [Disabled | Stopped]
[08/04/2004 02:07 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\SYSTEM32\DRIVERS\dmio.sys

(dmload) dmload [Disabled | Stopped]
[08/29/2002 07:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS

(E100B) Intel® PRO Adapter Driver [On_Demand | Running]
[04/30/2002 02:53 PM | 00,139,776 | ---- | M] (Intel Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys

(eeCtrl) Symantec Eraser Control driver [System | Running]
[01/22/2008 05:00 AM | 00,385,072 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [On_Demand | Stopped]
[08/17/2001 02:11 PM | 00,066,591 | ---- | M] (3Com Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS

(EraserUtilRebootDrv) EraserUtilRebootDrv [On_Demand | Running]
[01/22/2008 05:00 AM | 00,109,616 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

(Exportit) Exportit [System | Stopped]
[06/02/2004 02:17 PM | 00,151,985 | ---- | M] (Eastman Kodak Company) - C:\WINDOWS\SYSTEM32\DRIVERS\ExportIt.sys

(i81x) i81x [On_Demand | Stopped]
[08/04/2004 01:29 AM | 00,161,020 | ---- | M] (Intel® Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys

(iAimFP0) iAimFP0 [On_Demand | Stopped]
[08/04/2004 01:29 AM | 00,012,415 | ---- | M] (Intel® Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys

(iAimFP1) iAimFP1 [On_Demand | Stopped]
[08/04/2004 01:29 AM | 00,012,127 | ---- | M] (Intel® Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys

(iAimFP2) iAimFP2 [On_Demand | Stopped]
[08/04/2004 01:29 AM | 00,011,775 | ---- | M] (Intel® Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys

(iAimFP3) iAimFP3 [On_Demand | Stopped]
[08/04/2004 01:29 AM | 00,012,063 | ---- | M] (Intel® Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys

(iAimFP4) iAimFP4 [On_Demand | Stopped]
[08/04/2004 01:29 AM | 00,019,455 | ---- | M] (Intel® Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys

(iAimTV0) iAimTV0 [On_Demand | Stopped]
[08/04/2004 01:29 AM | 00,029,311 | ---- | M] (Intel® Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys

(iAimTV1) iAimTV1 [On_Demand | Stopped]
[08/04/2004 01:29 AM | 00,019,551 | ---- | M] (Intel® Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys

(iAimTV3) iAimTV3 [On_Demand | Stopped]
[08/04/2004 01:29 AM | 00,033,599 | ---- | M] (Intel® Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys

(iAimTV4) iAimTV4 [On_Demand | Stopped]
[08/04/2004 01:29 AM | 00,023,615 | ---- | M] (Intel® Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys

(MASPINT) MASPINT [Auto | Running]
[06/21/2002 07:42 PM | 00,008,224 | ---- | M] (MicroStaff Co.,Ltd.) - C:\WINDOWS\System32\drivers\MASPINT.SYS

(mraid35x) mraid35x [Disabled | Stopped]
[08/17/2001 03:52 PM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS

(NAVENG) NAVENG [On_Demand | Running]
[07/12/2008 01:00 AM | 00,089,936 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080712.002\NAVENG.SYS

(NAVEX15) NAVEX15 [On_Demand | Running]
[07/12/2008 01:00 AM | 00,856,336 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080712.002\NAVEX15.SYS

(NMSCFG) NIC Management Service Configuration Driver [On_Demand | Stopped]
[05/03/2002 01:30 PM | 00,009,868 | ---- | M] (Intel Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS

(nv) nv [On_Demand | Running]
[10/06/2003 03:16 PM | 01,550,043 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys

(omci) OMCI WDM Device Driver [System | Running]
[07/19/2002 12:22 PM | 00,017,153 | ---- | M] (Dell Computer Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys

(pfc) Padus ASPI Shell [On_Demand | Running]
[09/19/2003 04:47 PM | 00,010,368 | ---- | M] (Padus, Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/29/2002 07:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS

(PxHelp20) PxHelp20 [Boot | Running]
[04/22/2004 03:02 AM | 00,020,368 | ---- | M] (Sonic Solutions) - C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys

(PZYRXTAK) PZYRXTAK [Auto | Stopped]
File not found - C:\WINDOWS\system32\pzyrxtak.wes

(ql1080) ql1080 [Disabled | Stopped]
[08/17/2001 03:52 PM | 00,040,320 | ---- | M] (QLogic Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS

(ql12160) ql12160 [Disabled | Stopped]
[08/17/2001 03:52 PM | 00,045,312 | ---- | M] (QLogic Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS

(ql1280) ql1280 [Disabled | Stopped]
[08/17/2001 03:52 PM | 00,049,024 | ---- | M] (QLogic Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 06:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys

(sisagp) SIS AGP Bus Filter [Disabled | Stopped]
[08/04/2004 02:07 AM | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys

(smwdm) smwdm [On_Demand | Running]
[08/05/2002 11:23 AM | 00,545,208 | ---- | M] (Analog Devices, Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys

(Sparrow) Sparrow [Disabled | Stopped]
[08/17/2001 04:07 PM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS

(SPBBCDrv) SPBBCDrv [System | Running]
[08/17/2007 09:23 AM | 00,446,512 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

(SQTECH905C) DualCamera [On_Demand | Stopped]
[07/13/2005 11:08 AM | 00,033,890 | ---- | M] (Service & Quality Technology.) - C:\WINDOWS\SYSTEM32\DRIVERS\Capt905c.sys

(SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) [On_Demand | Stopped]
[05/03/2007 10:28 AM | 00,039,552 | R--- | M] () - C:\WINDOWS\SYSTEM32\DRIVERS\SRS_SSCFilter_i386.sys

(SRTSP) SRTSP [On_Demand | Running]
[12/01/2007 12:57 AM | 00,279,088 | ---- | M] (Symantec Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\srtsp.sys

(SRTSPL) SRTSPL [On_Demand | Stopped]
[12/01/2007 12:57 AM | 00,317,616 | ---- | M] (Symantec Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\srtspl.sys

(SRTSPX) SRTSPX [System | Running]
[12/01/2007 12:57 AM | 00,043,696 | ---- | M] (Symantec Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\srtspx.sys

(symc810) symc810 [Disabled | Stopped]
[08/17/2001 04:07 PM | 00,016,256 | ---- | M] (Symbios Logic Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS

(symc8xx) symc8xx [Disabled | Stopped]
[08/17/2001 04:07 PM | 00,032,640 | ---- | M] (LSI Logic) - C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS

(SYMDNS) SYMDNS [On_Demand | Running]
[08/13/2007 08:50 AM | 00,013,616 | ---- | M] (Symantec Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\symdns.sys

(SymEvent) SymEvent [On_Demand | Running]
[06/03/2008 06:04 PM | 00,123,952 | ---- | M] (Symantec Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS

(SYMFW) SYMFW [On_Demand | Running]
[08/13/2007 08:50 AM | 00,096,432 | ---- | M] (Symantec Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\symfw.sys

(SYMIDS) SYMIDS [On_Demand | Running]
[08/13/2007 08:50 AM | 00,038,576 | ---- | M] (Symantec Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\symids.sys

(SYMIDSCO) SYMIDSCO [On_Demand | Running]
[02/13/2008 12:18 PM | 00,240,496 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080617.001\SymIDSCo.sys

(SymIM) Symantec Network Security Intermediate Filter Service [On_Demand | Stopped]
[08/09/2007 12:27 PM | 00,031,280 | ---- | M] (Symantec Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys

(SymIMMP) SymIMMP [On_Demand | Running]
[08/09/2007 12:27 PM | 00,031,280 | ---- | M] (Symantec Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys

(SYMNDIS) SYMNDIS [On_Demand | Running]
[08/13/2007 08:50 AM | 00,037,424 | ---- | M] (Symantec Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\symndis.sys

(SYMREDRV) SYMREDRV [On_Demand | Running]
[08/13/2007 08:50 AM | 00,022,320 | ---- | M] (Symantec Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\symredrv.sys

(SYMTDI) SYMTDI [System | Running]
[08/13/2007 08:50 AM | 00,188,464 | ---- | M] (Symantec Corporation) - C:\WINDOWS\SYSTEM32\DRIVERS\symtdi.sys

(sym_hi) sym_hi [Disabled | Stopped]
[08/17/2001 04:07 PM | 00,028,384 | ---- | M] (LSI Logic) - C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS

(sym_u3) sym_u3 [Disabled | Stopped]
[08/17/2001 04:07 PM | 00,030,688 | ---- | M] (LSI Logic) - C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS

(ultra) ultra [Disabled | Stopped]
[08/17/2001 03:52 PM | 00,036,736 | ---- | M] (Promise Technology, Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS

(X4HS32) X4HS32 [Auto | Running]
[12/02/2003 01:26 PM | 00,021,627 | ---- | M] (Exent Technologies Ltd.) - C:\Program Files\EXEtender\X4HS32.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BearFlix" = "C:\Program Files\BearFlix\BearFlix.exe" /pause File not found
"BIO" = C:\WINDOWS\BIO.exe File not found
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/31/2008 02:15 PM | 00,051,048 | ---- | M] (Symantec Corporation)
"DVDBitSet" = "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI [12/18/2003 05:37 PM | 00,184,320 | ---- | M] (Hewlett-Packard Company)
"DVDSentry" = C:\WINDOWS\System32\DSentry.exe [08/14/2002 08:22 PM | 00,028,672 | R--- | M] (Dell - Advanced Desktop Engineering)
"DVDTray" = "C:\Program Files\HP DVD\Umbrella\DVDTray.exe" [07/23/2003 01:42 PM | 00,069,632 | ---- | M] (Hewlett-Packard Company)
"Microsoft Works Update Detection" = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [08/17/2001 12:41 AM | 00,028,738 | ---- | M] (Microsoft® Corporation)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [10/06/2003 03:16 PM | 05,058,560 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [10/06/2003 03:16 PM | 00,049,152 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install [10/06/2003 03:16 PM | 00,741,376 | ---- | M] (NVIDIA Corporation)
"osCheck" = "C:\Program Files\Norton AntiVirus\osCheck.exe" [08/24/2007 04:53 PM | 00,714,608 | ---- | M] (Symantec Corporation)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [11/29/2004 08:53 PM | 00,098,304 | ---- | M] (Apple Computer, Inc.)
"REGSHAVE" = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN [02/04/2002 11:32 PM | 00,053,248 | ---- | M] (FUJI PHOTO FILM CO., LTD.)
"Share-to-Web Namespace Daemon" = C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [07/03/2001 10:11 AM | 00,057,344 | ---- | M] (Hewlett-Packard)
"shawnotify" = c:\progra~1\shaw\update\siuloader.exe /notify [07/15/2008 03:37 PM | 00,378,144 | ---- | M] (Shaw Cablesystems)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [04/29/2008 11:41 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.)
"UpdateManager" = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r [08/19/2003 02:01 AM | 00,110,592 | ---- | M] (Sonic Solutions)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
"" = File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox" = "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-4169335272-1270071699-3278186619-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox" = "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme File not found

[HKEY_USERS\S-1-5-21-4169335272-1270071699-3278186619-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[12/28/2005 07:21 AM | 00,270,336 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
[05/07/2008 10:26 PM | 00,124,400 | ---- | M] (Google) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
[04/24/2002 02:28 AM | 00,487,484 | ---- | M] (Hewlett-Packard Co.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
[08/11/2004 03:22 AM | 00,757,760 | ---- | M] (Eastman Kodak Company) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
[02/11/2004 10:00 AM | 00,118,784 | ---- | M] (WinZip Computing, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

[JIM Startup Folder - C:\Documents and Settings\JIM\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (AcroIEHlprObj Class) - [04/16/2001 05:39 PM | 00,037,808 | ---- | M] () C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
HKLM CLSID: (RealPlayer Download and Record Plugin for Internet Explorer) - [04/29/2008 11:42 PM | 00,308,856 | ---- | M] (RealPlayer) C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
HKLM CLSID: (Symantec Intrusion Prevention) - [02/12/2008 11:40 AM | 00,116,088 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
HKLM CLSID: (Google Toolbar Notifier BHO) - [05/07/2008 10:26 PM | 00,654,320 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\S-1-5-21-4169335272-1270071699-3278186619-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\S-1-5-21-4169335272-1270071699-3278186619-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispBackgroundPage" = 0
"NoDispScrSavPage" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-4169335272-1270071699-3278186619-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-21-4169335272-1270071699-3278186619-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispBackgroundPage" = 0
"NoDispScrSavPage" = 0

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = ""
"Source" = "http://ca.f412.mail....&view=a&head=b"
"SubscribedURL" = "http://ca.f412.mail....&view=a&head=b"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"FriendlyName" = "Intelligent Desktop - intelligentdesktop.com"
"Source" = "http://active.intell...tive/?18069318"
"SubscribedURL" = "http://active.intell...com/active.cdf"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\SYSTEM32\sessmgr.exe [08/04/2004 03:56 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 08:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\SYSTEM32\sessmgr.exe [08/04/2004 03:56 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe [06/23/2008 05:20 AM | 00,625,664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe File not found
"C:\Program Files\Grisoft\AVG Free\avgw.exe" = C:\Program Files\Grisoft\AVG Free\avgw.exe File not found
"C:\Program Files\Grisoft\AVG Free\avgcc.exe" = C:\Program Files\Grisoft\AVG Free\avgcc.exe File not found
"C:\Program Files\Grisoft\AVG Free\avgvv.exe" = C:\Program Files\Grisoft\AVG Free\avgvv.exe File not found
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [02/11/2004 05:58 PM | 00,016,423 | ---- | M] ()
"C:\Program Files\Yahoo! Games\Cubis Gold 2\cubis2.exe" = C:\Program Files\Yahoo! Games\Cubis Gold 2\cubis2.exe File not found
"C:\WINDOWS\SYSTEM32\dpvsetup.exe" = C:\WINDOWS\SYSTEM32\dpvsetup.exe [08/04/2004 03:56 AM | 00,083,456 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\rundll32.exe" = C:\WINDOWS\SYSTEM32\rundll32.exe [08/04/2004 03:56 AM | 00,033,280 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe" = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe File not found
"C:\Program Files\Yahoo! Games\Blasterball 2 Remix\bb2remix.exe" = C:\Program Files\Yahoo! Games\Blasterball 2 Remix\bb2remix.exe File not found
"C:\Program Files\GameHouse\GemDrop\GemDrop.exe" = C:\Program Files\GameHouse\GemDrop\GemDrop.exe File not found
"C:\Program Files\BearShare\BearShare.exe" = C:\Program Files\BearShare\BearShare.exe File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 08:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\BearFlix\bearflix.exe" = C:\Program Files\BearFlix\bearflix.exe File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe File not found

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 06:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 03:56 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SYSTEM32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 03:56 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SYSTEM32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SYSTEM32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 03:56 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SYSTEM32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = msnmsgr
"hkey" = HKCU
"command" = C:\Program Files\MSN Messenger\msnmsgr.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 2

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{A5FC9EB4-564C-4C28-B571-ED16385258D5}]
Servers: | Description: Intel® PRO/100 VE Network Connection

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{E1918B6A-BF8B-4428-9A90-3F41192FF1F0}]
Servers: | Description:

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[12/25/2004 12:43 PM | 00,000,050 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

AUTORUN.EXE [MZP | ]
[12/22/1997 10:54 AM | 00,055,808 | R--- | M] () D:\AUTORUN.EXE [ CDFS ]

AUTORUN.INF [[autorun] | open=launcher.exe | icon=encore.ico | ]
[09/14/2000 12:59 PM | 00,000,045 | R--- | M] () D:\AUTORUN.INF [ CDFS ]

Autorun.exe [MZ | ]
[10/02/2001 06:13 AM | 00,299,008 | R--- | M] () E:\Autorun.exe [ CDFS ]

autorun.inf [[autorun] | open=autorun.exe | icon=CD.ico | ]
[09/12/2001 12:18 PM | 00,000,040 | R--- | M] () E:\autorun.inf [ CDFS ]

autorun.pcx [ |  | ]
[08/30/2001 01:55 PM | 00,189,819 | R--- | M] () E:\autorun.pcx [ CDFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{725447b7-8fe6-11db-91c2-0007e9c8fee6}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{725447b7-8fe6-11db-91c2-0007e9c8fee6}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\SYSTEM32\shell32.dll [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{725447b7-8fe6-11db-91c2-0007e9c8fee6}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81207a42-6e40-11d8-b5bd-0007e9c8fee6}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81207a42-6e40-11d8-b5bd-0007e9c8fee6}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\SYSTEM32\shell32.dll [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81207a42-6e40-11d8-b5bd-0007e9c8fee6}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe99e83e-7848-11dc-91f1-0007e9c8fee6}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe99e83e-7848-11dc-91f1-0007e9c8fee6}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\SYSTEM32\shell32.dll [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe99e83e-7848-11dc-91f1-0007e9c8fee6}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun]
"" = Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command]
"" = D:\launcher.exe [01/14/2001 03:34 PM | 00,188,464 | R--- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun]
"" = Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command]
"" = E:\autorun.exe [10/02/2001 06:13 AM | 00,299,008 | R--- | M] ()

===== Hosts File =====

HOSTS File = (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 90 days]
[06/14/2008 10:21 PM | ---D | C] - C:\unzipped
[07/09/2008 08:24 AM | ---D | C] - C:\DISNEY
[08/01/2008 12:19 AM | ---D | C] - C:\temp
[08/22/2008 09:04 AM | ---D | C] - C:\VundoFix Backups
[08/25/2008 05:35 PM | 26,746,0608 | -HS- | C] () - C:\hiberfil.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[11/18/2003 12:37 AM | 00,072,192 | ---- | C] () - C:\WINDOWS\System32\zlib.dll
[11/22/2007 10:00 AM | 00,483,328 | ---- | C] (SoftShape Development) - C:\WINDOWS\System32\actskn45.ocx
[4 C:\WINDOWS\*.tmp files]
[07/04/2008 07:21 AM | ---D | C] - C:\WINDOWS\.jagex_cache_32
[07/09/2008 08:43 AM | 00,000,333 | ---- | C] () - C:\WINDOWS\7THLEVEL.INI
[08/25/2008 03:39 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[1 C:\Documents and Settings\JIM\Application Data\*.tmp files]
[07/21/2008 12:21 PM | ---D | C] - C:\Documents and Settings\JIM\Application Data\BearShare
[08/25/2008 03:40 PM | ---D | C] - C:\Documents and Settings\JIM\Application Data\Malwarebytes
[06/29/2008 10:48 PM | ---D | C] - C:\Documents and Settings\JIM\Local Settings\Application Data\Oberon Games
[07/31/2008 11:50 AM | 00,000,681 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Shaw Support.lnk
[06/18/2008 10:51 AM | ---D | C] - C:\Documents and Settings\JIM\Desktop\Soccer
[08/24/2008 07:02 PM | 00,000,226 | ---- | C] () - C:\Documents and Settings\JIM\Desktop\Welcome to Webkinz® - a Ganz website.url
@Alternate Data Stream - 2550 bytes -> %UserProfile%\Desktop\Welcome to Webkinz® - a Ganz website.url:favicon
[08/25/2008 09:42 PM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\JIM\Desktop\OTViewIt.exe
[07/21/2008 10:24 AM | ---D | C] - C:\Program Files\BearShare Applications
[07/31/2008 11:51 AM | ---D | C] - C:\Program Files\shaw
[08/22/2008 08:27 AM | ---D | C] - C:\Program Files\Trend Micro
[08/25/2008 03:40 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware

[Files/Folders - Modified Within 90 days]
[06/14/2008 10:21 PM | ---D | M] - C:\unzipped
[07/09/2008 08:24 AM | ---D | M] - C:\DISNEY
[07/27/2008 02:58 AM | ---D | M] - C:\My Games
[08/01/2008 12:19 AM | ---D | M] - C:\temp
[08/12/2008 06:02 PM | ---D | M] - C:\My Download Files
[08/19/2008 09:38 AM | -HSD | M] - C:\System Volume Information
[08/22/2008 09:04 AM | ---D | M] - C:\VundoFix Backups
[08/25/2008 05:32 PM | ---D | M] - C:\Program Files
[08/25/2008 05:34 PM | ---D | M] - C:\WINDOWS
[08/25/2008 05:35 PM | 26,746,0608 | -HS- | M] () - C:\hiberfil.sys
[06/03/2008 06:04 PM | 00,000,805 | ---- | M] () - C:\WINDOWS\System32\drivers\SYMEVENT.INF
[06/03/2008 06:04 PM | 00,010,671 | ---- | M] () - C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[06/03/2008 06:04 PM | 00,123,952 | ---- | M] (Symantec Corporation) - C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[07/30/2008 05:28 PM | 00,000,706 | ---- | M] () - C:\WINDOWS\System32\drivers\COH_Mon.inf
[07/30/2008 05:28 PM | 00,010,537 | ---- | M] () - C:\WINDOWS\System32\drivers\coh_mon.cat
[07/30/2008 05:42 PM | 00,023,888 | ---- | M] (Symantec Corporation) - C:\WINDOWS\System32\drivers\COH_Mon.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2 C:\WINDOWS\System32\*.tmp files]
[06/03/2008 06:04 PM | 00,060,800 | ---- | M] (Symantec Corporation) - C:\WINDOWS\System32\S32EVNT1.DLL
[06/10/2008 01:21 AM | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 01:21 AM | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javacpl.cpl
[06/10/2008 02:32 AM | 00,139,264 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[06/21/2008 12:37 PM | ---D | M] - C:\WINDOWS\System32\Adobe
[08/19/2008 09:36 AM | RHSD | M] - C:\WINDOWS\System32\DLLCACHE
[08/19/2008 09:38 AM | ---D | M] - C:\WINDOWS\System32\Restore
[08/25/2008 05:34 PM | ---D | M] - C:\WINDOWS\System32\DRIVERS
[08/25/2008 05:35 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/25/2008 05:37 PM | 00,001,170 | ---- | M] () - C:\WINDOWS\System32\WPA.DBL
[4 C:\WINDOWS\*.tmp files]
[07/04/2008 07:21 AM | ---D | M] - C:\WINDOWS\.jagex_cache_32
[07/07/2008 01:40 PM | ---D | M] - C:\WINDOWS\Registration
[07/09/2008 08:43 AM | 00,000,333 | ---- | M] () - C:\WINDOWS\7THLEVEL.INI
[07/20/2008 10:22 AM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[08/01/2008 12:50 PM | 00,000,207 | ---- | M] () - C:\WINDOWS\encore_launcher.ini
[08/15/2008 06:05 AM | ---D | M] - C:\WINDOWS\ie7updates
[08/15/2008 06:10 AM | -HSD | M] - C:\WINDOWS\Installer
[08/15/2008 06:11 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/15/2008 06:11 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/18/2008 05:27 PM | ---D | M] - C:\WINDOWS\Help
[08/20/2008 12:39 AM | -H-D | M] - C:\WINDOWS\INF
[08/25/2008 05:35 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\BOOTSTAT.DAT
[08/25/2008 05:37 PM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/25/2008 08:19 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/25/2008 09:41 PM | ---D | M] - C:\WINDOWS\SYSTEM32
[08/25/2008 09:41 PM | ---D | M] - C:\WINDOWS\Temp
[08/25/2008 03:30 AM | 00,000,398 | ---- | M] () - C:\WINDOWS\tasks\ErrorSmart Scheduled Scan.job
[08/25/2008 05:35 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/25/2008 08:19 AM | 00,000,552 | ---- | M] () - C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - JIM.job
[08/25/2008 08:57 PM | 00,000,254 | ---- | M] () - C:\WINDOWS\tasks\Windows Update.job
[06/29/2008 08:41 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\PlayFirst
[08/05/2008 09:37 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Symantec
[08/25/2008 02:18 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Google Updater
[08/25/2008 03:39 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[1 C:\Documents and Settings\JIM\Application Data\*.tmp files]
[06/21/2008 12:25 PM | ---D | M] - C:\Documents and Settings\JIM\Application Data\Adobe
[06/29/2008 08:41 PM | ---D | M] - C:\Documents and Settings\JIM\Application Data\PlayFirst
[07/21/2008 12:21 PM | ---D | M] - C:\Documents and Settings\JIM\Application Data\BearShare
[08/25/2008 03:40 PM | ---D | M] - C:\Documents and Settings\JIM\Application Data\Malwarebytes
[06/29/2008 10:48 PM | ---D | M] - C:\Documents and Settings\JIM\Local Settings\Application Data\Oberon Games
[08/05/2008 09:36 PM | ---D | M] - C:\Documents and Settings\JIM\Local Settings\Application Data\Microsoft
[08/25/2008 05:33 PM | 01,582,038 | -H-- | M] () - C:\Documents and Settings\JIM\Local Settings\Application Data\IconCache.db
[08/06/2008 11:03 PM | 01,598,464 | R--- | M] () - C:\Documents and Settings\All Users\Documents\ESBK.mb
[08/06/2008 11:03 PM | 03,074,048 | R--- | M] () - C:\Documents and Settings\All Users\Documents\ESBK.mbb
[06/02/2008 02:34 PM | ---D | M] - C:\Documents and Settings\JIM\My Documents\My Games
[06/10/2008 04:29 PM | 00,037,888 | ---- | M] () - C:\Documents and Settings\JIM\My Documents\Books Read.xlr
[06/10/2008 05:27 PM | 00,028,160 | ---- | M] () - C:\Documents and Settings\JIM\My Documents\Books To Look For.xlr
[07/21/2008 11:50 AM | R--D | M] - C:\Documents and Settings\JIM\My Documents\My Music
[08/24/2008 02:13 AM | R--D | M] - C:\Documents and Settings\JIM\My Documents\My Pictures
[07/31/2008 11:50 AM | 00,000,681 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Shaw Support.lnk
[06/18/2008 10:51 AM | ---D | M] - C:\Documents and Settings\JIM\Desktop\Soccer
[07/21/2008 02:20 PM | R--D | M] - C:\Documents and Settings\JIM\Desktop\Bearshare
[08/07/2008 03:08 PM | R--D | M] - C:\Documents and Settings\JIM\Desktop\Unused Files
[08/21/2008 01:24 AM | ---D | M] - C:\Documents and Settings\JIM\Desktop\JOB POSTINGS
[08/24/2008 07:02 PM | 00,000,226 | ---- | M] () - C:\Documents and Settings\JIM\Desktop\Welcome to Webkinz® - a Ganz website.url
@Alternate Data Stream - 2550 bytes -> %UserProfile%\Desktop\Welcome to Webkinz® - a Ganz website.url:favicon
[08/25/2008 05:57 PM | R--D | M] - C:\Documents and Settings\JIM\Desktop\SCAN PROGRAMS
[08/25/2008 09:42 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\JIM\Desktop\OTViewIt.exe
[08/19/2008 09:58 AM | ---D | M] - C:\Program Files\Common Files\Symantec Shared

< End of report >

and here is the Extras.txt log

OTViewIt Extras logfile created on: 8/25/2008 9:43:47 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\JIM\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 119.48 Mb Available Physical Memory | 46.85% Memory free
735.38 Mb Paging File | 262.69 Mb Available in Paging File | 35.72% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 31.81 Gb Free Space | 56.95% Space Free | Partition Type: NTFS
Drive D: | 62.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 583.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{01001202-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Encyclopedia Standard 2002
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}" = Security Update for CAPICOM (KB931906)
"{1063EB55-E42D-4755-9F83-BF20389E5524}" = TAXWIZ 2006
"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{1666FA7C-CB5F-11D6-A78C-00B0D079AF64}" = Java 2 Runtime Environment, SE v1.4.1_01
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.0
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = EXEtender Player
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}

#6
fenzodahl512
  • Malware Removal
  • 9,863 posts
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\BIO.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BIO
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}
    D:\AUTORUN.INF
    E:\autorun.inf
    E:\autorun.pcx
    D:\AUTORUN.EXE
    E:\Autorun.exe
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the OTMoveIt2 link above is broken, please use this link instead.




NEXT


Please download Flash_Disinfector by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.




NEXT


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts. A log will appear (JavaRa.log), please post the contents of this log on the forum.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.




NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Please post these in your next reply. Post each report in a separate post.

1. OTMoveIt2
2. NOD32 online scanner
3. Tell me about your computer..

#7
Jimi Z
    New Member
  • Topic Starter
  • Member
  • 7 posts
Here is the OTMoveit Log.
I'm running the flash_disinfector now, then the JavaRa and will post both separately when they are finished.

BTW, What do you want to know about my Computer?

Explorer killed successfully
File/Folder C:\WINDOWS\BIO.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BIO >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BIO deleted successfully.
< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} >
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D} >
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}\\ deleted successfully.
File move failed. D:\AUTORUN.INF scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\autorun.pcx scheduled to be moved on reboot.
File move failed. D:\AUTORUN.EXE scheduled to be moved on reboot.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
< EmptyTemp >
File delete failed. C:\DOCUME~1\JIM\LOCALS~1\Temp\Acr12.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JIM\LOCALS~1\Temp\Acr13.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JIM\LOCALS~1\Temp\~DF3C51.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JIM\LOCALS~1\Temp\~DF3C96.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JIM\LOCALS~1\Temp\~DF891B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JIM\LOCALS~1\Temp\~DF89A3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JETD4B5.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08252008_223916

Files moved on Reboot...
File move failed. D:\AUTORUN.INF scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\autorun.pcx scheduled to be moved on reboot.
File move failed. D:\AUTORUN.EXE scheduled to be moved on reboot.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File C:\DOCUME~1\JIM\LOCALS~1\Temp\Acr12.tmp not found!
File C:\DOCUME~1\JIM\LOCALS~1\Temp\Acr13.tmp not found!
File C:\DOCUME~1\JIM\LOCALS~1\Temp\~DF3C51.tmp not found!
File C:\DOCUME~1\JIM\LOCALS~1\Temp\~DF3C96.tmp not found!
File C:\DOCUME~1\JIM\LOCALS~1\Temp\~DF891B.tmp not found!
File C:\DOCUME~1\JIM\LOCALS~1\Temp\~DF89A3.tmp not found!
File C:\WINDOWS\temp\JETD4B5.tmp not found!
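An OTMoveIt2 log like the one above is read one outcome line at a time. As an added example (not OTMoveIt2's or the forum's own code), the Python below summarises such a log and cross-checks the deferred moves against the drive table in the OTViewIt Extras log: D: and E: are listed there as CDFS, so the autorun files on them sit on read-only optical media and can never be moved, on reboot or otherwise, which is why those lines repeat in the "Files moved on Reboot" section. The sample lines are constructed from the formats posted in this thread.

```python
"""Summarise an OTMoveIt2 result log and flag moves that can never succeed.

Added example, not OTMoveIt2's or the forum's own code.  Each outcome wording
seen in the posted log gets one pattern; deferred moves are then checked
against drives the OTViewIt Extras log reports as CDFS (optical, read-only).
"""
import re

# Constructed samples, trimmed from the formats posted in this thread.
SAMPLE_EXTRAS = r"""
Drive C: | 55.84 Gb Total Space | 31.81 Gb Free Space | 56.95% Space Free | Partition Type: NTFS
Drive D: | 62.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 583.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
"""

SAMPLE_LOG = r"""
Explorer killed successfully
File/Folder C:\WINDOWS\BIO.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BIO >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BIO deleted successfully.
< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} >
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\\ deleted successfully.
File move failed. D:\AUTORUN.INF scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
< EmptyTemp >
File delete failed. C:\DOCUME~1\JIM\LOCALS~1\Temp\Acr12.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
"""

# One pattern per outcome wording in the log; group 1 is the object acted on.
PATTERNS = [
    ("not_found", re.compile(r"^File/Folder (.+) not found\.$")),
    ("not_found", re.compile(r"^File (.+) not found!$")),  # "Files moved on Reboot" section
    ("registry_deleted", re.compile(r"^Registry (?:value|key) (.+) deleted successfully\.$")),
    ("deferred_move", re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("deferred_delete", re.compile(r"^File delete failed\. (.+) scheduled to be deleted on reboot\.$")),
]

DRIVE_LINE = re.compile(r"^Drive ([A-Z]): \|.*\| Partition Type: (\w+)$")


def readonly_drives(extras_text):
    """Drive letters the Extras log lists with a CDFS (optical, read-only) file system."""
    drives = set()
    for line in extras_text.splitlines():
        m = DRIVE_LINE.match(line.strip())
        if m and m.group(2).upper() == "CDFS":
            drives.add(m.group(1))
    return drives


def summarize(log_text, cdfs_drives=frozenset()):
    """Group the log's outcome lines by kind; flag deferred moves on read-only media."""
    outcomes = {kind: [] for kind, _ in PATTERNS}
    outcomes["unmatched"] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("<"):  # blank line or "< section >" marker
            continue
        for kind, pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                outcomes[kind].append(m.group(1))
                break
        else:
            outcomes["unmatched"].append(line)  # status lines such as "Temp folders emptied."
    # A move deferred to reboot cannot succeed on a CDFS volume: the medium is read-only,
    # so these entries will reappear after every reboot without meaning the cleanup failed.
    outcomes["on_readonly_media"] = [
        path for path in outcomes["deferred_move"]
        if len(path) > 1 and path[1] == ":" and path[0].upper() in cdfs_drives
    ]
    return outcomes


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, readonly_drives(SAMPLE_EXTRAS))
    for kind, items in report.items():
        print(f"{kind}: {len(items)}")
        for item in items:
            print(f"    {item}")
```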

#8
Jimi Z
    New Member
  • Topic Starter
  • Member
  • 7 posts
Here is the JavaRa log

JavaRa 1.11 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Aug 25 23:06:18 2008
Found and removed: C:\Program Files\Java\j2re1.4.1_01
Found and removed: C:\Program Files\Java\jre1.5.0_06
Found and removed: C:\Program Files\Java\jre1.5.0_09
Found and removed: C:\Program Files\Java\jre1.5.0_11
Found and removed: C:\Program Files\Java\jre1.6.0_01
Found and removed: C:\Program Files\Java\jre1.6.0_02
Found and removed: C:\Program Files\Java\jre1.6.0_03
Found and removed: C:\Program Files\Java\jre1.6.0_05
Found and removed: C:\Program Files\Java\jre1.6.0_06
Found and removed: C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64
Found and removed: C:\Documents and Settings\All Users\Start Menu\Programs\Java 2 Runtime Environment
Found and removed: C:\Program Files\Java Web Start
Found and removed: SOFTWARE\Classes\JavaSoft.JavaBeansBridge
Found and removed: SOFTWARE\Classes\JavaSoft.JavaBeansBridge.1
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaw.Exe
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Java Web Start
Found and removed: Software\JavaSoft\Java2D\1.5.0_06
Found and removed: Software\JavaSoft\Java2D\1.5.0_09
Found and removed: Software\JavaSoft\Java2D\1.5.0_11
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510009
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510009
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510009
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001
Found and removed: SOFTWARE\Classes\JavaPlugin.150_06
Found and removed: SOFTWARE\Classes\JavaPlugin.150_09
Found and removed: SOFTWARE\Classes\JavaPlugin.150_11
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510009
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610006
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610006
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610006
Found and removed: SOFTWARE\Classes\JavaPlugin.160_01
Found and removed: SOFTWARE\Classes\JavaPlugin.160_02
Found and removed: SOFTWARE\Classes\JavaPlugin.160_03
Found and removed: SOFTWARE\Classes\JavaPlugin.160_05
Found and removed: SOFTWARE\Classes\JavaPlugin.160_06
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_06
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_06
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160060}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1666FA7C-CB5F-11D6-A78C-00B0D079AF64}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\JavaPlugin.141_01
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.1_01
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.1_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\JavaPlugin.141_01
Found and removed: Software\Classes\JavaPlugin.160_01
Found and removed: Software\Classes\JavaPlugin.160_02
Found and removed: Software\Classes\JavaPlugin.160_03
Found and removed: Software\Classes\JavaPlugin.160_05
Found and removed: Software\Classes\JavaPlugin.160_06
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_09\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_06\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_06\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_06.b02\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_06
Found and removed: Software\JavaSoft\Java2D\1.6.0_01
Found and removed: Software\JavaSoft\Java2D\1.6.0_02
Found and removed: Software\JavaSoft\Java2D\1.6.0_03
Found and removed: Software\JavaSoft\Java2D\1.6.0_05
Found and removed: Software\JavaSoft\Java2D\1.6.0_06
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_06
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D2BFDD8E-D276-11D6-88AF-0050DA21757E}
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.3.1_06
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.3.1_06
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}Found and

removed:

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}Found and

removed: C:\Program Files\JavaSoftJavaRa 1.11 Removal Log.Report

follows after line.------------------------------------The JavaRa

removal process was started on Mon Aug 25 23:11:39 2008

------------------------------------Finished reporting.

#9 fenzodahl512 (Malware Removal, 9,863 posts)
Ok.. waiting for your ESET Online Scanner result


BTW, What do you want to know about my Computer?


I want to know whether you still have malware problem in your computer after performing all steps given.. :)

#10 Jimi Z (Topic Starter, New Member, 7 posts)
As far as I can tell everything is ok. The wallpaper is gone, the computer reboots, it seems faster, but I won't really know until I use it tomorrow. If you find anything wrong with the log that follows, I'll have to work on it tomorrow. I gotta get some sleep, 5:15 am EST comes fast from 1:50 am EST.

Thank you very much for your prompt responses and all your help.

Here is the Online Scanner log.

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3387 (20080826)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=b2040dd7f9daa540bd300728dbf89b39
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-08-26 05:41:55
# local_time=2008-08-26 01:41:55 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=317421
# found=16
# scan_time=7438
C:\BSINSTALL.exe Win32/Adware.SaveNow application (deleted) 00000000000000000000000000000000
C:\BSINSTALL.exe »WISE »saveinstwm.exe Win32/Adware.SaveNow application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\JIM\Application Data\Sun\Java\Deployment\cache\6.0\17\299e4e91-181bf5a9 Java/TrojanDownloader.OpenStream.NAC trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\JIM\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-45f6934d Java/Exploit.Bytverify trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\JIM\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-45f6934d »ZIP »Dvnny.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\JIM\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-45f6934d »ZIP »Dex.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\JIM\Application Data\Sun\Java\Deployment\cache\6.0\43\330fa4eb-32581b64 Java/TrojanDownloader.OpenStream.NAB trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\JIM\Application Data\Sun\Java\Deployment\cache\6.0\43\330fa4eb-32581b64 »ZIP »OP.class Java/TrojanDownloader.OpenStream.NAB trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\JIM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-1130fbe7.zip Java/Exploit.Bytverify trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\JIM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-1130fbe7.zip »ZIP »Dvnny.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\JIM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-1130fbe7.zip »ZIP »Dex.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe Win32/Adware.180Solutions application (deleted) 00000000000000000000000000000000
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe »WISE »BearShareZangoInstaller.exe Win32/Adware.180Solutions application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000036.exe Win32/Adware.XPAntivirus application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002094.exe Win32/Adware.SaveNow application (deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002094.exe »WISE »saveinstwm.exe Win32/Adware.SaveNow application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
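The ESET log above is easier to read mechanically than by eye: the nested lines ("»WISE »", "»ZIP »") look like cleaning failures, but their last action step, "was a part of the deleted object", means the container was deleted and the member went with it. The parser below is an added example written for this page, not part of the thread and not ESET's tooling. Its line grammar is inferred from the log above, the trailing 32-hex field is assumed to be an opaque identifier (all zeros here), and the embedded sample is an excerpt copied from the posted log.

```python
"""Parse an ESET Online Scanner log and triage its findings.

Added example for this thread; not part of the forum post and not ESET's
own tooling. The line layout is inferred from the log posted above:

  <path>[ »<archive type> »<member>]... <detection> <class> (<action>) <32 hex>

The trailing 32-hex field is treated as an opaque identifier (all zeros in
the posted log); that reading is an assumption.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

LINE_RE = re.compile(
    r"^(?P<object>.+?) (?P<detection>\S+) (?P<kind>\S+) "
    r"\((?P<action>[^)]*)\) (?P<ident>[0-9a-fA-F]{32})$"
)

# Final action steps that mean the object is gone. "was a part of the
# deleted object" is how ESET reports an archive member whose container
# was deleted whole; the "error while cleaning" steps before it are noise.
FINAL_OK = {"deleted", "was a part of the deleted object"}


@dataclass
class Finding:
    path: str           # on-disk file (outermost container)
    inner: List[str]    # archive type / member chain, empty for plain files
    detection: str      # e.g. Java/Exploit.Bytverify
    kind: str           # trojan, application, ...
    action: List[str]   # the " - " separated action steps, in order
    ident: str

    @property
    def removed(self) -> bool:
        return self.action[-1] in FINAL_OK

    @property
    def in_restore_point(self) -> bool:
        # System Restore copies; only flushing the restore points clears them
        return "\\system volume information\\_restore" in self.path.lower()

    @property
    def in_java_cache(self) -> bool:
        # Applet cache hits mean an exploit page was served to the browser
        return "\\sun\\java\\deployment\\cache\\" in self.path.lower()


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Finding]]:
    """Return (header key/values, findings) for one log."""
    meta: Dict[str, str] = {}
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            meta[key.strip()] = value.strip()
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised log line: {line!r}")
        parts = m["object"].split(" »")
        findings.append(Finding(
            path=parts[0],
            inner=parts[1:],
            detection=m["detection"],
            kind=m["kind"],
            action=[s.strip() for s in m["action"].split(" - ")],
            ident=m["ident"],
        ))
    return meta, findings


def triage(findings: List[Finding]) -> Dict[str, object]:
    """Counts per detection plus the lists a reviewer acts on."""
    return {
        "by_detection": dict(Counter(f.detection for f in findings)),
        "unresolved": [f for f in findings if not f.removed],
        "restore_point_files": sorted({f.path for f in findings if f.in_restore_point}),
        "java_cache_files": sorted({f.path for f in findings if f.in_java_cache}),
    }


# Excerpt copied from the log posted above (header trimmed, 5 of the 16 hits).
_ID = "0" * 32
SAMPLE_LOG = "\n".join([
    "# found=16",
    "# scanned=317421",
    r"C:\BSINSTALL.exe Win32/Adware.SaveNow application (deleted) " + _ID,
    r"C:\BSINSTALL.exe »WISE »saveinstwm.exe Win32/Adware.SaveNow application "
    "(error while cleaning - operation unavailable for this type of object - "
    "error while deleting - operation unavailable for this type of object - "
    "was a part of the deleted object) " + _ID,
    r"C:\Documents and Settings\JIM\Application Data\Sun\Java\Deployment\cache"
    r"\6.0\17\299e4e91-181bf5a9 Java/TrojanDownloader.OpenStream.NAC trojan "
    "(unable to clean - deleted) " + _ID,
    r"C:\Documents and Settings\JIM\Application Data\Sun\Java\Deployment\cache"
    r"\6.0\20\7328ad54-45f6934d »ZIP »Dvnny.class Java/Exploit.Bytverify trojan "
    "(error while cleaning - operation unavailable for this type of object - "
    "error while deleting - operation unavailable for this type of object - "
    "was a part of the deleted object) " + _ID,
    r"C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}"
    r"\RP1\A0000036.exe Win32/Adware.XPAntivirus application (unable to clean - deleted) " + _ID,
])

if __name__ == "__main__":
    meta, found = parse_eset_log(SAMPLE_LOG)
    print(f"scanner reported {meta.get('found')} hits, excerpt holds {len(found)}")
    for key, value in triage(found).items():
        print(key, value)
```

Two of the lists drive the follow-up: restore_point_files is why the helper later has the user flush System Restore (the scanner cannot clean inside those folders in place), and java_cache_files shows the applet exploits arrived through the browser's Java plug-in, which is the path that keeping only a current JRE closes.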

#11 fenzodahl512 (Malware Removal, 9,863 posts)
Please post a fresh HijackThis log for my review :)

#12 Jimi Z (Topic Starter, New Member, 7 posts)
Here is the fresh HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:38 AM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sootoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [shawnotify] c:\progra~1\shaw\update\siuloader.exe /notify
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3C5B2DBA-9C59-4A9D-8CB2-D67F93863962} (CSGI Control) - http://www.crystalsq.../games/CSGI.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...abs/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1200270043875
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX25.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.blackphot...x/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnime...tupv2.0.0.9.cab?
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnime...upv2.0.0.10.cab?
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://ca.f412.mail....e...ew=a&head=b
O24 - Desktop Component 2: Intelligent Desktop - intelligentdesktop.com - http://active.intell...ctive/?18069318

--
End of file - 12659 bytes
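Reading a HijackThis log is pattern matching, and the first-pass patterns are mechanical enough to script. The block below is an added example for this page, not from the thread and not part of HijackThis: it flags the entries a reviewer reads first in a log like the one above, namely orphaned "(no file)" entries, services with no owner information, ActiveX downloads from a bare IP address, Active Desktop components (O24, the mechanism that can put web content on the desktop), and unquoted autorun paths. The rules and severities are this example's own choice, the sample lines are copied from the log above with the forum's shortened URLs kept, and a hit means "look here", not "malware".

```python
"""Mechanical first-pass triage of a HijackThis 2.x log.

Added example for this thread, not from the post and not part of
HijackThis. Each rule marks an entry a reviewer should look at first; a
hit means "check this", not "this is malware". The rule set is an
illustration, not HijackThis's own analysis.
"""
import re
from typing import List, NamedTuple


class Flag(NamedTuple):
    severity: str   # "review" (possible foothold) or "hygiene" (dead entry)
    reason: str
    line: str


# The host check is a prefix match because the forum shortened long URLs
# to "host...tail", so the posted lines no longer parse as full URLs.
IPV4_HOST = re.compile(r"^https?://(\d{1,3}(?:\.\d{1,3}){3})(?=[:/.]|$)")
O4_CMD = re.compile(r"^O4 - .*?: \[[^\]]*\] (?P<cmd>.+)$")
EXE_TOKEN = re.compile(r'^(?P<exe>[^"]*?\.exe)(?:\s|$)', re.I)
ENTRY = re.compile(r"^[RFNO]\d+ - ")


def check_line(line: str) -> List[Flag]:
    flags: List[Flag] = []
    tag = line.split(" - ", 1)[0]
    if "(no file)" in line:
        flags.append(Flag("hygiene", "orphaned entry, target file is missing", line))
    if tag == "O23" and " - Unknown owner - " in line:
        flags.append(Flag("review", "service binary has no company/version info", line))
    if tag == "O16":
        url = line.rsplit(" - ", 1)[-1]
        m = IPV4_HOST.match(url)
        if m:
            flags.append(Flag("review", f"ActiveX control fetched from bare IP host {m.group(1)}", line))
    if tag == "O24":
        # Active Desktop components render web content on the desktop, the
        # same surface the thread opener saw replaced by a fake warning.
        flags.append(Flag("review", "Active Desktop component; confirm the source is wanted", line))
    if tag == "O4":
        m = O4_CMD.match(line)
        if m:
            exe = EXE_TOKEN.match(m["cmd"])
            if exe and " " in exe["exe"]:
                flags.append(Flag("hygiene", "unquoted autorun path containing spaces", line))
    return flags


def triage(log: str) -> List[Flag]:
    """Run check_line over every R/F/N/O entry of a log."""
    return [f for raw in log.splitlines()
            if ENTRY.match(raw.strip())
            for f in check_line(raw.strip())]


# Lines copied from the HijackThis log above (a subset; shortened URLs kept).
SAMPLE_HJT = "\n".join([
    r"O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll",
    r"O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)",
    r"O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)",
    r"O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab",
    r"O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab",
    r"O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
    r"O24 - Desktop Component 2: Intelligent Desktop - intelligentdesktop.com - http://active.intell...ctive/?18069318",
])

if __name__ == "__main__":
    for flag in triage(SAMPLE_HJT):
        print(f"[{flag.severity}] {flag.reason}\n    {flag.line}")
```

On the sample this yields three "review" hits (the RdxIE control pulled from a raw IP, the Symantec Core LC service with no owner string, and the intelligentdesktop.com desktop component) and three "hygiene" hits (two dead CLSID entries and one unquoted Run path). None of those is a verdict; the helper above judged the full log clean, and the point of the script is only to put the reviewer's eyes on the right lines first.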

#13 fenzodahl512 (Malware Removal, 9,863 posts)
Your log looks good to me.. I'm gonna set you free :)


Now for some cleanup..
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.




NEXT


Let's clean your Restore Points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous Restore Points which are likely to be infected)
To create a new Restore Point.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK. This will flush your old System Restore.
  • Then please UNCHECK the Turn off System Restore.
  • Click again on Apply, and then click OK. This will create a new Restore Point
System Restore will now be active again


Then please create a fresh Restore Point.. Please visit this webpage if you do not know how..




Lastly, to keep your operating system up to date please visit the link below monthly

Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

#14 fenzodahl512 (Malware Removal, 9,863 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.